Welcome to the Monday Morning News Kick Off post from the ITAC blog. Once again it is Monday and here we are with a whole myriad of identity theft, data breach and cyber crime news to share. From news of Facebook’s new Timeline being a boon for hackers to updates on data breach legislation and another notorious hacker being arrested, we have it all in one place for your reading pleasure. Happy Monday!

Facebook’s Timeline Will Be Boon for Hackers
Facebook’s new Timeline will make it even easier for criminals and others to mine the social network for personal information they can use to launch malicious attacks and steal passwords, a researcher said today. Timeline, which Facebook unveiled yesterday at a developer conference and plans to roll out to users in a few weeks, summarizes important past events in a one-page display. Read the full Computerworld post here.

Pentagon Extends Program to Defend Cyber Networks
As hackers and hostile nations launch increasingly sophisticated cyberattacks against U.S. defense contractors, the Pentagon is extending a pilot program to help protect its prime suppliers. That program could possibly serve as a model for other government agencies. It is being evaluated by the Department of Homeland Security, as part of a potential effort to extend similar protections to power plants, the electric grid and other critical infrastructure. Efforts to better harden the networks of defense contractors come as Pentagon analysts investigate a growing number of cases involving the mishandling or removal of classified data from military and corporate systems. Intrusions into defense networks are now close to 30 percent of the Pentagon’s Cyber Crime Center’s workload, according to senior defense officials. And they say it continues to increase. Read the full ABC News post here.

2 million in Massachusetts Victims of Data Breaches
The attorney general’s office says the personal information of about two million Massachusetts residents, or about one out of every three people who live in the state, has been compromised through electronic data breaches in the past 20 months. Attorney General Martha Coakley last week released a breakdown of notices it has received in response to a 2007 state law that requires all companies doing business in Massachusetts to inform consumers and state regulators about security breaches that might result in identity theft. Read the full Boston Herald article here.

USA Today’s Twitter Account Falls Victim to Hackers
The same group that hacked NBC News’ Twitter account on September 9 and sent tweets about a bogus attack on Ground Zero apparently grabbed hold of USA Today’s Twitter feed yesterday and fired off a clutch of messages. The taunting tweets from someone claiming to be The Script Kiddies asked if Twitter had the courage to suspend the group again and encouraged Twitter users to vote for the next account to be hacked. “Fox News, Wal-mart, Unilevel, Pfizer, NBC and now USA Today. who’s next? Vote now!” read one of the tweets. As of this writing, it seemed USA Today had regained control of its feed. Read the full CNET post here.

Feds: Homeless Hacker ‘Commander X’ Arrested
Christopher Doyon, a 47-year-old homeless man, was one of two men arrested Thursday for carrying out cyber attacks on Santa Cruz County computers. The federal indictment alleges that Doyon used the screen name “Commander X” and he, along with Joshua John Covelli, carried out a distributed denial of service (DDoS) attack on Santa Cruz County computers last year as part of a protest against the county’s ban on outdoor sleeping. Both men are alleged to have ties to the hacking group Anonymous. Doyon’s attorney, Jay Leiderman, tells CBS News his client is homeless but would not confirm that Doyon was in fact the hacker known as Commander X. Read the full CBS News post here.

Panel Approves Data-Breach Bills Despite Partisan Rancor
The Senate Judiciary Committee approved three bills last Thursday aimed at setting national standards for security breaches involving personal data, but the party-line vote on the measures may complicate efforts to move them to the Senate floor. The three measures are similar in that each would require companies to take reasonable steps to secure personal information about consumers and to notify consumers when their personal data has been stolen as a result of a security breach. Read the full National Journal article here.

Medical Identity Theft a Growing Problem
Nearly four out of ten doctors and hospitals surveyed have caught a patient trying to use someone else’s identity in order to obtain healthcare services, according to a new survey from accounting firm PricewaterhouseCoopers (PwC). Patients seeking medical services under someone else’s name was the second most common privacy or security issue reported by healthcare providers, according to PwC’s nationwide survey of 600 executives from U.S. hospitals, doctors’ organizations, health insurance companies, pharmaceutical manufacturers, and life sciences companies. Medical identify theft is the fastest-growing form of identity theft, affecting 1.42 million Americans in 2010 and costing more than $28 billion, the report said. Read the full MedPage post here.

It’s not often that hackers and cybercriminals get the blessing from the Catholic Church.  In fact, it’s pretty much never happened before and has many people scratching their heads.  What are we taking about? Jesuit priest Father Antonio Spadaro wrote in the Vatican magazine Civilta Cattolica that hackers are doing God’s work.  Yes, this is not a post-April Fool’s Day joke.

According to this CBS News article, the hacker ethic of embracing a rejection of a profit-oriented approach to work is appealing. “It’s a vision that is … of a clear theological origin,” Spadaro wrote, alluding to their collaborative vision of sharing – a philosophy he said was embodied by the Wikipedia model.

Well, perhaps when we say giving cybercriminals their blessing; that may be a bit extreme.  Father Spadaro is clearly touting the benefit of openness, creativity and collaboration and sites Wikipedia as a prime example (from the CBS News article):

“To create the biggest collaborative encyclopedia of Internet it is estimated that it took around 100 million hours of intellectual work, which is the equivalent of the time the citizens of the United States spend watching advertising on TV in a single weekend,” according to Spadaro.

Yes, we agree that Wikipedia is an amazing thing — a true example of open source collaboration.  And, yes, there are certain aspects of the hacker culture that is cool — like thumbing their noses at authority and seeking justice – but there are also some very bad things about hackers.  Cybercrime, anyone?

The notorious hacker group that goes by name ‘Anonymous’ is certainly winning the PR war. Everywhere you turn, there is a story about the group battling Visa, HBGary, the jailers of Private Bradley Manning and even good old corporate America. Well, now the group is going for the big time by declaring a ‘cyber war’ against the U.S. government.

Here’s what the group’s founder had to say according to this Fox News story:

“It’s a guerrila cyberwar — that’s what I call it,” Barret Brown, 29, said in an interview with MSNBC Tuesday. Brown, a college dropout, claims to be a senior strategist and “propagandist” for the hacker group, which calls itself “Anonymous.” He considers this new “war” a reactionary response: “It’s sort of an unconventional asymmetrical act of warfare that we’re involved in, and we didn’t necessarily start it. I mean, this fire has been burning.”

Check out this MSNBC inteview with Barrett Brown:

Visit msnbc.com for breaking news, world news, and news about the economy

What do you think? is Anonymous a group of hacker vigilantes?

Welcome to the Monday Morning News Kick Off post from the ITAC blog. As our dedicated readers know, today officially kicks off RSA 2011. And after about four weeks of running our “Countdown to RSA” podcast series, we are very excited that the most significant event in cybersecurity is finally happening. So, we have dedicated this week’s Monday post to all RSA 2011 news happening. Think of the ITAC blog as your “one-stop destination” for all things RSA.

RSA Conference 2011 Opens Today in San Francisco
Information security professionals and business leaders from around the world convened today for the opening of the annual RSA Conference being held at San Francisco’s Moscone Center. Taking place February 14-18, RSA Conference 2011 proudly brings together the information security industry’s best and brightest, providing unparalleled educational opportunities and insight into the most important issues. Through interactions with peers, industry luminaries and emerging and established companies, RSA Conference is the place for security experts to gather for a discussion on current and emerging threats. Read the full RSA press release here.

Deputy Secretary of Defense William Lynn to Speak at Pentagon RSA Conference 2011
RSA Conference, an information security conferences and expositions, has announced that Deputy Secretary of Defense William J. Lynn III will present the keynote “Defending a New Domain: The Pentagon’s Cyber Strategy” on Feb. 15 at RSA Conference 2011 in San Francisco, CA. The RSA Conference noted that Deputy Secretary Lynn’s address will close the keynote sessions, following an exciting series of presentations that include Art Coviello, President, RSA, The Security Division of EMC, and Executive VP, EMC Corp.; Enrique Salem, President & CEO Symantec Corp.; and, the annual Cryptographers’ panel featuring leaders in cryptography including Ronald Rivest, Viterbi Professor of Electrical Engineering and Computer Science, MIT, and Adi Shamir, Professor, Computer Science Department, Weizmann Institute of Science, Israel. Read the full press release here.

Unresolved Security Issues On RSA 2011 Agenda
This year’s RSA security conference suggests that IT vendors are still struggling to find solutions to problems that were highlighted in RSA 2010. The RSA 2011 conference, which is taking place this week in San Francisco, brings together enterprise IT experts and software vendors on a single platform to discuss the latest problems plaguing the industry and their possible solutions. However, according to V3, the schedule for RSA 2011 has striking similarities to last year’s conference, indicating that most of the problems voiced during RSA 2010 remain unsolved. Cloud computing was one of the main focus points for RSA 2010. Enterprises are still hesitant about hosting their sensitive company data along with private customer information on servers that are usually located outside the country they are operating in. Read the full IT Portal post here.

A Personal Preview of RSA
For those interested in government IT security, there’s no shortage of fare on the menu at RSA 2011, the information security conference being held in San Francisco this week. Personally, the highlight of the conference will be on Thursday, when GovInfoSecurity.com unveils the findings from the premiere Government Information Security Today survey, our poll of those in local, state and federal governments charged with safeguarding IT. I’ll be joined by David Matthews, deputy chief information security officer for the city of Seattle, who will add his interpretation to the results. I’m pleased that David’s joining me in this presentation because part of our survey addresses secure cloud computing, and he’s a recognized expert in the use of cloud computing in government. Read Eric Chabrow’s full GovInfoSecurity post here.

RSA 2011 Shows Familiar Problems Elude Solutions
This week the security world descends on San Francisco for the annual RSA conference. Arguably the biggest show of the year for enterprise IT, the conference brings vendors from all over the world to discuss the latest developments in the security space and the best methods for dealing with emerging threats and new challenges. In theory, the topics at RSA are always evolving. New challenges are met and every year new breakthroughs are made to deal with the problems of the previous year. Issues are addressed and new challenges arise in their place. This year, however, the rhetoric at RSA may sound awfully familiar. Read the full V3 post here.

RSA Conference Adds Focus on Cloud Computing Security
The buzzword for this year’s RSA Conference—cloud. The conference, which will run from Feb. 14 to Feb. 18 at the Moscone Center in San Francisco, has an entire track focused on cloud security. It is one of 17 class tracks available at this year’s conference, which typically draws a large crowd of vendors, researchers and security pros to the city. “Security is a rapidly evolving industry, and we’ve made some substantive changes to the tracks this year to help attendees get to the information they need,” said Hugh Thompson, RSA Conference program committee chair and advisory board member. “Cloud Security is a new track, and here you’ll find some of the best practitioners in the industry sharing information about operational cloud security, and how to manage identity, privacy and data security in the cloud.” Read the full eWeek article here.

Writing in American Banker this week, ITAC President Anne Wallace challenged RSA conference-goers to rethink computer security in a way that compels consumers to embrace it. It’s time they think more like consumer product developers and marketers, and makes her case in the excerpt below:

Consumer electronics companies are masters at understanding human behavior and creating products that anticipate and respond to human wants and needs. The most successful devices, and the applications that support them, are indispensable to their owners. By understanding how we behave today and what we will want tomorrow, Apple, Motorola and Research In Motion create compelling relationships between device and user.

The smartest processes, and the best technologies, are not effective if people do not want to use them, avoid them or will not update them.  Technology and processes depend on user adoption and consistent use to be effective. This appears to be the Achilles heel in our current approach to cybersecurity.

Is it crazy to suggest that we create new gadgets and technologies for security that are appealing and that people will want to use? It must be possible to design a technology that delivers such obvious value that people will want to have a relationship. I admit it is hard to imagine consumers lining up for the latest version of MyCyberSecurityBlanket the way they did for the iPad, or downloading the latest security app the way they downloaded Angry Birds, but shouldn’t that be our inspiration?

In order to recruiting citizens in the war on cybercrime, the industry must develop and market tools that are easy-to-use, intuitive, unobtrusive and maybe even emotionally rewarding.

Maybe there will be an app for that in 2012.

The Top Cybersecurity Stories in 2010
InformationWeek’s roster of the Top 10 Security Stories of 2010 reads like a Who’s Who – or, rather a What’s What – list of the biggest stories in all things cybersecurity. All the old favorites and even some 2010 upstarts were represented, from continuing debates about the federal government’s cybersecurity efforts to relatively recent headline-grabbers WikiLeaks and Stuxnet. Debate about the federal government’s cyber efforts reached a fever pitch this year. A July presidential commission report raised the alarm on the chronic shortage of federal cyber pros, calling it a “human capital crisis.” Read the full ExecutiveGov post here.

Data Breach Affects 4.9 Million Honda Customers
Japanese automaker Honda has put some 2.2 million customers in the United States on a security breach alert after a database containing information on the owners and their cars was hacked, according to reports. The compromised list contained names, login names, e-mail addresses and 17-character Vehicle Identification Number–an automotive industry standard–which was used to send welcome e-mail messages to customers that had registered for an Owner Link account. Another 2.7 million My Acura account users were also affected by the breach, but Honda said the list contained only e-mail addresses. Acura is the company’s luxury vehicle brand. According to Honda’s notification e-mail to affected customers, the list was managed by a vendor. All Things Digital suggested, but could not confirm, that the vendor in question is e-mail marketing firm Silverpop Systems, which has been linked with the recent hacking incidents including that of fast-food giant McDonald’s. read the full ZDNet post here.

Geisinger Discloses Potential Patient Data Breach
Geisinger Health System acknowledged that some protected health information (PHI) of approximately 2,928 patients had been disclosed in an unauthorized manner in a press release dated Dec. 27, 2010. Affected patients were notified by letter, according to the provider. On or about Nov. 3, 2010, a limited amount of PHI was emailed by a former Geisinger Wyoming Valley Medical Center gastroenterologist from his Geisinger computer to his home email account in an unencrypted manner, the release stated. “The physician had sent this information to his home computer to complete an analysis of his procedures,” and Geisinger said it became aware of the action on Nov. 6. Read the full CMIO post here.

State Department Announces Cybersecurity Post
he U.S. State Department has created a new post aimed at coordinating agency cyber and cybersecurity efforts, including those that will protect confidential communication between the U.S. and other governments. The department unveiled the new post in the First Quadrennial Diplomacy and Development Review, released this week. The creation of the Office of the Coordinator for Cyber Issues was planned before the controversial publishing of 250,000 confidential U.S. diplomatic cables several weeks ago on the WikiLeaks website, officials said. Ostensibly, the new coordinator will help prevent such breaches and the international furor they cause in the future. Read the full InformationWeek story here.

Reporting Identity Fraud: Instructions from the U.S. Department of Justice
Reporting identity fraud as soon as the crime has been discovered is critical to minimize the damage done and perhaps even assist law enforcement in catching the identity thieves. Identity fraud, or identity theft, is a crime that has been on the rise for several years now. Typically carried out with some form of financial gain intended, misuse of the stolen information ranges from credit card use to passport falsification and can even be as extensive as the creation of an entirely false identity, complete with credit history. As discussed in detail elsewhere on the website, you will need to notify each of your creditors, financial institutions, and the three major credit reporting agencies. The following are the government agencies that should also be notified. On its website, the U.S. Department of Justice (DOJ) gives some instruction about how to handle the situation if you have some indication that your identity is being misused in some way. Read the full Credit Loan blog post here.

Kaigham “Ken” Gabriel spoke here at the Dec. 16 Cyber Security Forum, sponsored by The Atlantic and Government Executive magazines, and afterward spoke with American Forces Press Service.

He said the agency’s sole mission since its inception in 1958 has been to prevent and create technology surprises. Two of the agency’s recent cybersecurity programs, called CRASH and PROCEED, were created for that purpose.

CRASH, the Clean-slate Design of Resilient, Adaptive, Secure Hosts program, seeks to build new computer systems that resist cyberattacks. After successful attacks they would adapt, learn from the attack and repair themselves, Gabriel said.

CRASH evolved from a workshop DARPA held earlier this year where they pulled together cybersecurity and operating-system experts and infectious-disease biologists, he said.

“The first couple of hours, someone who was there described it as being like a junior high school dance,” he added. “All the biologists were on one side of the room, the computer scientists on the other. Finally one of them walked over and began talking, and they all started mixing.”

Some interesting ideas came out of the workshop, Gabriel said. One was that biology starts from the supposition that attackers — bacteria or viruses — will get through the body’s defenses. The body doesn’t even try to stop them; biology just deals with it.

The body doesn’t care how many times things get in, he added. And bodies are genetically diverse; viruses or bacteria that infect one body won’t necessarily infect all the others, or infect them in the same way.

This concept applies to computer vulnerabilities because most computer hardware is built the same way, Gabriel said.

“The idea is to look at the structure of computers, which are identical and have no security in the hardware … because performance was king 15 or 20 years ago,” he said. “Transistors and computer performance were precious and you didn’t give up any of it to security. Now, the world is different.”

Today, security could be added to computer hardware, giving computers a sort of genetic diversity that would make them less vulnerable to cyber infections.

Getting such new, more robust hardware architecture into the market will take some time, Gabriel said, noting that the reason for programs like CRASH is to create something he calls convergence between cyberthreats and cybersecurity.

To analyze the problem of convergence, DARPA compared the number of lines of source code written over 20 years in security software and the number of lines of code in malware written over the same period.

Over 20 years, he said, the lines of code in security software increased from about 10,000 to 10 million lines. The number of lines of code in malware was surprisingly constant at about 125 lines.

This analysis and others “led us to understand that many of the things we’re doing are useful, but they’re not convergent with the problem,” Gabriel said. “We’re never going to catch up [with malware], so how do we change the game? How do we essentially create surprise for our adversaries in this challenge area?”

Along with CRASH, another way is PROCEED, or Programming Computation on Encrypted Data, he said.

“Encryption is one way of protecting things, but if you want to operate on encrypted data — process it, do something with it — you have to decrypt it first. You operate on it while it’s in a decrypted state, then take your result, encrypt that again and send it on,” Gabriel said.

For the past 20 or 30 years, people have been debating about whether it’s possible to do operations on encrypted data without decrypting it first.

“It was considered to be such a difficult problem that people were mathematically trying to prove it couldn’t be done,” he said.

“Then, about a year and a half ago, someone proved that it could be done. That’s the good news. The bad news is, it’s very inefficient right now — 12 orders of magnitude less efficient than it needs to be.”

PROCEED is working to improve that efficiency, he said.

“If we were able to do relevant sorts of operations without ever having to decrypt, that would be a tremendous gain because … whenever you decrypt into the open, you create vulnerability,” Gabriel said.

Convergence is the objective of both programs, he added. “They are aggressive programs; they may or may not be successful. That’s the nature of DARPA. But we have high hopes.”

Check out the full Armed Forces Press Service article here.

Protect Yourself From Identity Theft on Cyber Monday
Now that the holiday shopping season is in full swing the malls, internet, and other shopping centers are packed with shoppers. While the holiday shopping season may be busy for you, it can be even busier for identity thieves. Whether you are shopping at brick-and-mortar stores or doing your holiday shopping online, it is important that shoppers take measures to ensure their identity is protected. Read the full All News Wire post here.

London 2012 Olympics: Ticket Sites for the Games Vulnerable to Cyber Attack
The London 2012 Olympic-related websites for ticketing, timing, results and television broadcasting are more vulnerable to cyber-attack than established websites because of their temporary status, it has been claimed. The warning by the International Olympic Committee’s security adviser comes before eight million Olympic Games tickets worth £500 million go on sale to the public next February and March with applicants expected to lodge their ticket preferences online. Read the full Telegraph UK article here.

DHS Cybersecurity Center Promotes Information Sharing
The Department of Homeland Security (DHS) has launched a new cybersecurity center aimed at communicating more efficiently with state and local governments about potential cybersecurity threats to critical U.S. infrastructure. The Multi-State Information Sharing and Analysis Center (MS-ISAC) Cyber Security Operations Center is a 24-hour watch and warning facility aimed at giving government officials at the state and local levels better situational awareness about cybersecurity incidents, according to the DHS. Read the full InformationWeek article here.

Bill Could Give Homeland Security Power Over Tech Giants
Some members of Congress, concerned about shoddy cybersecurity at government and critical technology websites, are proposing that the Department of Homeland Security should have the power to force private networks to secure themselves more effectively. But several cybersecurity experts say a broadly worded bill that has been referred to the House Committee on Homeland Security could impact many ordinary tech firms that merely play a role in infrastructure. If the bill becomes law, even firms like Apple, Microsoft and Google could come under DHS’s thumb, says Michael Gregg, chief operating officer of the cybersecurity firm Superior Solutions. Read the full Fox News post here.

Arming Cyber Warriors to Fight and Win Global Cyber War
Despite military superpower status, the United States is more vulnerable to cyber attack than any other country today with key financial, communications, and military operations networked via infrastructures riddled with vulnerabilities. Compounding this problem is a growing cyber warrior crisis. U.S. forces are badly outnumbered by those with the means and motivation to inflict massive damage on our vulnerable infrastructures. While we in the United States study the problem, rival nations and criminal organizations invest heavily in cultivating their cyber warriors, recruiting thousands of computer-savvy soldiers tasked with developing new, more advanced techniques and attacks. Read the full CivSource column here.

Welcome to the Monday Morning News Kick Off post from the ITAC blog. With National Cybersecurity Awareness Month now in full swing, there seems to be no limit to the amount of cybersecurity-related news that’s happening right now. From the GAO report on the lack of progress on the cybersecurity front by the Obama Administration to NATO and its struggle with cybersecurity, cyber issues are everywhere. And, this us a good thing. We need to continually shine a light on this issue until we come up — as a nation and as members of private industry — with long-lasting solutions.

New Cyber-Security PSA Wants You to ‘Stop. Think. Connect.’
“Stop. Think. Connect.” That’s the unifying message for this year’s Cyber Security Awareness Month, and the slogan for a new public education campaign. Said campaign is being spearheaded by the National Cyber Security Alliance, the Anti-Phishing Working Group (APWG), countless government agencies (including the Department of Homeland Security), and companies such as Microsoft, Google, PayPal and Facebook. It’s a first-of-its-kind campaign in the U.S., a result of widespread fears that the country’s digital infrastructure could one day face a serious cyber-attack, and that computer users comprise the Web’s weakest link. Read the full Switched post here.

Special Report: The Pentagon’s New Cyber Warriors
Guarding water wells and granaries from enemy raids is as old as war itself. In the Middle Ages, vital resources were hoarded behind castle walls, protected by moats, drawbridges and knights with double-edged swords. Today, U.S. national security planners are proposing that the 21st century’s critical infrastructure — power grids, communications, water utilities, financial networks — be similarly shielded from cyber marauders and other foes. The ramparts would be virtual, their perimeters policed by the Pentagon and backed by digital weapons capable of circling the globe in milliseconds to knock out targets. Check out the full Reuters story here.

GAO: Little Progress on Cybersecurity
Most of the 24 recommendations outlined in President Obama’s 2009 cyber policy review report have not been implemented, according to a Government Accountability Office report. Officials charged with carrying out cybersecurity efforts told GAO they have not received specific roles and responsibilities. They also said that some recommendations are too broad and could take several years to implement. Only two recommendations have been fully implemented: the appointment of Howard Schmidt as White House cybersecurity coordinator in December 2009, seven months after the report, and the appointment of White House privacy and civil liberty official, Tim Edgar, also in late 2009. The report found that 16 of the 22 partially implemented recommendations do not have milestones or plans for implementation. Read the full Federal Times article here.

Cybersecurity is a ‘Constant Struggle,’ NATO Commander Says
NATO Supreme Allied Commander for Europe Adm. James Stavridis says governments the world over are battling cybersecurity issues. “Governments are struggling with [cybersecurity] individually,” he said. “Within their borders, within their cyberspace, they’re attempting to find the balance between availability of information and control of information.” Stavridis also said nations around the world “face a constant struggle to understand the interchanging world of cybersecurity,” because of the Internet’s massive size and number of users from across the globe. Read the full ExecutiveGov post here.

FBI Thwarts Data Breach at Akamai Technologies
Elliot Doxer, who worked in the Akamai finance department, was arrested and charged with secretly providing confidential business information over an 18-month period to an undercover FBI agent he thought worked for a foreign government, according to a release from the US Attorney’s Office for the District of Massachusetts. Doxer is charged with one count of wire fraud for providing Akamai customer lists, contract details, and employee information. He also is charged with describing Akamai’s physical and computer security systems and offering to travel to the foreign country and to support special and sensitive operations in his local area, if needed. In 2006, Doxer contacted the undisclosed foreign country’s consulate in Boston to offer confidential Akamai information. The likely country of contact was Israel because Doxer identified himself in court papers as a Jewish-American who wanted to help “our homeland and our war against our enemies”. He also asked for $3000 because of the risks he was taking. Read the full InfoSecurity article here.

A Data Breach Doesn’t Have to be a Death Sentence for Business
In today’s high-tech era, data breaches have become increasingly more common, and increasingly costly, with the average breach costing more than $200 per compromised record, according to estimates by the Ponemon Institute. These estimates do not take into account the increasing possibility that a company that experiences a breach could become a target of an investigation by law enforcement, including state attorneys general, incurring additional costs and harm to the company’s reputation that can accompany such investigation. Attorneys general have become increasingly aggressive in enforcing their states’ data breach notification and data privacy laws, and they are using those laws to justify investigations into how those data breaches occurred. The attorneys general in D.C., Maryland and Virginia are no exception, and they have acted both independently, and with their brethren in other states, to punish businesses they believe have been lax in data security matters. Read the full Washington Business Journal article here.

National Guard Leak Highlights ID Theft Concerns
While the Mississippi National Guard is trying find out how personnel records of more than 2,600 members of the 155th Brigade Combat Team were accidentally posted online, it’s uncertain if any of the information was actually compromised. Still, that kind of situation shows some form of potential identity theft can happen to anyone at any time. In fact, it’s considered the fastest growing crime in America. Many, though, don’t know how to defend themselves. Read the full WTVA.com post here.

Well, Dr. Prescott Winter, the former Chief Technology Officer at the National Security Agency (NSA), has a very unique and bold idea. Countries a that harbour cyber criminals should be locked out of the global internet until their governments do something to reduce the threats.

According to the Sydney Morning Herald article, Winter said that when countries are consistently introducing cyber threats the global community should band together to effectively shut them out of the internet until their governments do something about it

Hmmm…bold proposition for sure. Is is possible? We don’t know. We welcome all thoughts, ideas and feedback.